Around September 2016, I got interested in online anonymity. I had this idea that I wanted to create a pseudonym to use online, that nobody would be able to trace back to me, and I'd just use it as if it were a completely normal person. I experimented with Tor, came up with a pseudonymous name, etc, and had all these grand plans of operating a secret blog. However, I was stumped when I tried to sign up for Gmail: they needed me to verify my phone number. And it's the same story at every major email provider. And the same on Twitter, Facebook, and even Telegram. I couldn't find a way to "verify" my phone number without revealing some of my identity (e.g. by paying with a credit card).

So I started building SMS Privacy. In hindsight I should have validated the idea first, but halfway through building it I asked a handful of Tor users what they thought, and the feedback was mostly positive, so that spurred me on to continue. The service was pretty simple to implement, it's just a user interface to an SMS API (e.g. Twilio) and processing Bitcoin payments.

The first hurdle came when I found that my API provider was blocking messages of the form "Your Google verification code is 123456". That was a surprise. Even when sending a message like that from a handset, it just silently disappeared into the ether instead of getting delivered to my application. I tried a lot of different SMS services and all but one had this problem. The other one was extremely expensive and required me to physically call them up if I wanted a new number.

So my next idea was to use cheap Android phones and cheap SIM cards and write an Android app that would simply forward SMS to my server – kinda like my own mini-Twilio service, but with no message filtering. And any time a user releases a number, that phone starts vibrating and I have to change the SIM card, at which point the new number becomes available for purchase on the website.

This system works great! But there is still value in having a much cheaper fully-automated system using the API provider, so I offer users the choice.

The original SMS API system is available as "virtual numbers", and the Android phone system has been superseded by a more reliable "physical numbers" service.